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DETAILED ACTION 



1. Claims 1, 2, 6, 10, 12, and 16 are pending. 



Response to Arguments 



2. Applicant's arguments with respect to claims 1 , 2, 6, 1 0, 1 2, and 1 6 have been 
considered and are not persuasive. 

3. Applicant argues on page 7 that the combination of references fails to teach 
receiving a packet... from any station of the group of stations. Examiner respectfully 
disagrees. Chandran teaches receiving a packet... from any station of the group of 
stations (Chandran, column 2 lines 41-67) by teaching receiving a packet from a cable 
modem at a CMTS. Each cable modem is a station of the group of stations associated 
with the ISP. 

4. Applicant further argues on page 7 that the combination of references fails to 
teach adding a group header including a group identifier corresponding to the group of 
stations. Examiner respectfully disagrees. Chandran teaches adding a group header 
including a group identifier corresponding to the group of stations (Chandran, column 2 
lines 41-67) by teaching that the CMTS tags the packet with a MPLS tag based upon 
which data flow the packet is associated with. 

5. Applicant further argues that the combination of references fails to teach 
transforming the packet according to the group security association associated with the 
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group identifier. Examiner respectfully disagrees. Chandran teaches transforming the 
packet according to the group security association associated with the group identifier 
(Chandran, column 2 lines 1-7, MPLS-VPN tag used for security policies on the traffic) 
by teaching that the MPLS tag is used as a basis for applying security to a packet. 
Thus, a data transformation is executed on the packet on the basis of the MPLS tag on 
the packet. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a 
person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived 
by the manner in which the invention was made. 

6. Claims 1, 2, 6, 10, 12, and 16 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Hoke et al US Patent No. 6,701 ,437 in view of Hama US Patent No. 
7,072,346. 

7. With regards to claim 1 , Hoke teaches receiving a packet at the ingress point of 
the backbone from any sending station (Hoke, column 7 lines 46-53, column 16 lines 
23-31, VPN unit receives) the packet including an original header with a source IP 
address of the sending station and a destination IP address of the receiving station of 
the group of stations (Hoke, column 16 lines 23-31 , Figures 7 and 8), receiving a packet 
at the ingress point of the backbone (Hoke, column 7 lines 46-53, VPN unit receives 
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packet), a packet including an identifier corresponding to the group of stations and a 
destination address for the packet (Hoke, column 7 lines 46-53, addressed to the VPN, 
encapsulation includes destination address), transforming, at the ingress point of the 
backbone, the packet according to the group security association associated with the 
identifier (Hoke, column 7 lines 46-53, column 9 lines 18-34 and column 9 lines 60-67), 
forwarding the transformed packet over the backbone using the group identifier as a 
backbone address (Hoke, column 7 lines 46-58, strips off), receiving at the egress point 
in the backbone, the transformed packet (Hoke, Figure 4), restoring, at the egress point 
in the backbone, the transformed packet according to the group security association 
associated with the group identifier (Hoke, Figure 4), transforming, at the egress point in 
the backbone, the restored packet by removing the group header (Hoke, Figure 4), and 
forwarding to the restored packet to the receiving station (Hoke, Figure 4). Hoke fails to 
teach the packet including a group identifier and a destination for the packet and the 
ingress point being a provider edge device. However, Hama teaches receiving a packet 
including a group identifier and a destination for the packet and forwarding the 
transformed packet using the group identifier (Hama, column 10 lines 25-53, destination 
address contained in the packet, when packet enters... VID contained in tag) wherein 
the ingress point is a provider edge device (Hama, Abstract, edge routers provided 
between the MPLS network and VLANs for interfacing between two). Chandran 
receiving a packet from any station of a group of stations (Chandran, column 2 lines 46- 
61) teaches transforming the packet by adding a group header including a group 
identifier corresponding to the group of stations (Chandran, column 2 lines 46-61 , data 
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packet is tagged with MPLS tag at the cmts) and transforming the packet using the 
group identifier (Chandran, column 2 lines 1-7, MPLS-VPN tag used for security policies 
on the traffic) whereby the same security association is used for communication 
between any pair of stations of the group of stations (Chandran, column 2 lines 1 -1 0, 
each ISP assigned a MPLS tag). At the time the invention was made, it would have 
been obvious to a person of ordinary skill in the art to utilize Hama and Chandran's 
method of using group identifiers because it offers the advantage of allow terminals 
belong to the same VLAN to communicate with each other regardless of where they are 
installed (Hama, column 2 lines 4-20) and because it offers the advantage of allowing 
the application of different security and routing treatment to multiple traffic flows being 
transmitted over a shared link (Chandran, column 1 lines 55-67). 

8. With regards to claim 2, Hoke as modified teaches retaining fields of the packet 
needed to transfer the packet to the destination address over the backbone (Hoke, 
column 7 lines 47-57, encapsulates). 

9. With regards to claims 6, 10, and 12, Hoke teaches receiving, at the egress 
point of the backbone, group security association data for the group (Hoke, column 16 
lines 23-31 , VPN unit receives), receiving a packet at the egress point of the backbone, 
restoring the packet responsive to the group security association data associated with 
the group (Hoke, column 7 lines 47-57, strip off), and forwarding the packet to the 
destination (Hoke, column 7 lines 55-57). Hoke fails to teach the packet including a 
group identifier and a destination for the packet and the egress point being a provider 
edge device. However, Hama teaches receiving a packet including a group identifier 
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and a destination for the packet (Hama, column 10 lines 25-53, destination address 
contained in the packet, when packet enters... VID contained in tag) wherein the egress 
point is a provider edge device (Hama, Abstract, edge routers provided between the 
MPLS network and VLANs for interfacing between two). At the time the invention was 
made, it would have been obvious to a person of ordinary skill in the art to utilize 
Hama's method of using group identifiers because it offers the advantage of allow 
terminals belong to the same VLAN to communicate with each other regardless of 
where they are installed (Hama, column 2 lines 4-20). 

10. With regards to claim 13, Hoke as modified teaches the group comprising at 
least three stations (Hoke, Figure 1). 

1 1 . With regards to claim 16, Hoke as modified teaches the means for securing 
data includes transform logic for encrypting only a portion of data transferred between 
the ingress point and the egress point of the communication link (Hoke, column 9 lines 
61-67, encapsulated portion of data is encrypted, but not VPN headers). 



Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to ANDREW L. NALVEN whose telephone number is 
(571)272-3839. The examiner can normally be reached on Monday - Thursday 8-6, 
Alternate Fridays. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on 571 272 381 1 . The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Andrew L Nalven/ 
Examiner, Art Unit 2134 



